I will read the doc so i can understand subnet masks better in the future.

Assuming your two subnets are now set to /24s...

Your exterior gateway uses NAT. All communication with the outside world share a single IP address a.b.c.d:

Code:

{Internet} - a.b.c.d [gateway] private network 10.1.0.0/24

Your inner subnet is 10.2.0.0/24. It uses NAT also, so that all devices on that subnet appear to originate from the inner router. I don't know its address so I will use 10.1.0.x below.

Using NAT on the inner router is not required. However, to turn off NAT requires changing your routing tables on the 10.1.0.0/24 subnet.
Introduction to routing

In a simple one-router network, each device needs to know three things about their subnet:

Their own IP address

Their netmask, defining the size of their subnet

The address of the gateway router on their subnet for packets that go outside the subnet.

Every time a device has an outbound IP packet, the network stack just compares its own IP address to the destination IP address, using the netmask to determine if the address is inside or outside the subnet.

If the destination is inside the subnet, the packet is sent to the destination directly, using the Address Resolution Protocol (ARP) to discover the MAC address of the destination IP device.

If the destination is outside the subnet, the packet is sent to the router for forwarding.

In a network with a single router, the routing table in our devices have a single entry, for a default route. Any destination IP address outside the subnet has its packets sent to the default router. Default routes (with a subnet of "everything" or 0.0.0.0/0) are all that are needed.

Now let's look at your network again, and consider the 10.2.0.0/24 network. I don't know the address of its router on the outer 10.1.0.0/24 network, so I have used 10.1.0.x as its address.

If NAT is not used on the inner 10.2.0.0/24 subnet, the devices on the outer 10.1.0.0/24 subnet cannot reach the 10.2.0.0/24 devices unless we add an entry to our routing tables.

Let's look first out the router at 10.1.0.1:

This computer has only a default route somewhere in the a.b.c.d/nn subnet It's inner subnet it knows as 10.1.0.0/24. If it receives a packet destined for 10.2.0.33, it will forward that packet to its default route, in error, as it is somewhere in the a.b.c.d/nn subnet.

The ISP will drop that packet, since none of the IP addresses in RFC 1918 are permitted to be routed on the Internet. This is why we use RFC 1918 addresses on our networks. It prevents us from accidentally sending these packets out on the Internet by mistake.

Let's add a route on the 10.1.0.1 router, pointing to the inner network. I'm using 10.1.0.x because I don't know the address of the inner router on the 10.1.0.0/24 subnet. An entry in the routing table is added in the form <destination subnet> <gateway>:

# route add 10.2.0.0/24 10.1.0.x

Now, packets that come to the outer router for 10.2.0.0/24 addresses will be forwarded to 10.1.0.x for further transmission.

With this one additional entry in the outermost router's table, a device on the 10.1.0.0/24 subnet can reach devices on the 10.2.0.0/24 subnet. But it's inefficient. All packets will be sent to the outer router, which will forward them to the inner router. If you add routing table entries on the devices of the 10.1.0.0/24 network, they can reach the 10.1.0.x router directly, and will not need to involve the outer router at 10.1.0.1 at all.

The innermost network does not need anything added to its routing tables. Packets from 10.2.0.33 will be sent to 10.2.0.1 for further forwarding. If those packets are addressed to devices on the 10.1.0.0/24 subnet, it will send them to the device. If they are destined for the Internet, the inner router will use the address of the router in its default route: 10.1.0.1.

Last edited by jggimi; 6th July 2014 at 02:11 PM.
Reason: typos, clarity